Cybersecurity Risk Mitigation Maturity

Self-Assessment

Organizations with the most mature security posture outperform their peers.

This free assessment, based on a survey of 500 security strategists, shows where your organization stands today. Based on your results, you'll see customized recommendations to help improve your organization's standing.

Benchmark my maturity against:

Start now

Assessment and benchmark research powered by ESG

No personal data is collected from or about the user in the course of taking the survey.

Cybersecurity Risk Mitigation Maturity

Self-Assessment

Identifying risk

Protecting against risk

Detecting threats and events

How would you describe your organization’s internal cybersecurity program and policies?

Ad-hoc and/or inconsistent Somewhat established, but not completely Well established, but with room for improvement Fully defined and documented

How extensively has your organization inventoried and prioritized physical and digital assets?

Physical systems (e.g., servers, end users’ devices, etc.)

Not at all Somewhat Extensively (but gaps exist) Very extensively

Digital systems (e.g., software, apps, cloud services, etc.)

Not at all Somewhat Extensively (but gaps exist) Very extensively

How often are the following formally reviewed/revised based on changing requirements and trends?

	Ad-hoc	Annually or less than	Quarterly	Monthly or more often	Not sure
Cybersecurity roles and responsibilities
Asset inventories and prioritization
Threat vulnerability management

To what extent does your organization consider data classification, sensitivity, and regulatory requirements when deciding if data needs to be encrypted?

Very much Somewhat (room for improvement) Loosely Not at all

How does your organization segment its networked business systems and data (i.e., create network segments containing only the resources specific to user roles)?

Very extensively Extensively (some gaps exist) Somewhat Not at all

How often are the following formally reviewed/revised based on changing requirements and trends?

	Ad-hoc	Annually or less than	Quarterly	Monthly or more often	Not sure
Identity and access management policies and technologies
Policies related to IT systems’ security configurations
Network segmentation policies
Data encryption policies
Security training requirements

Back

How does your organization utilize threat intelligence capabilities within its Security Information and Event Management solution (SIEM)?

Not applicable, we don’t have a SIEM deployed Limited threat intelligence feeds analyzed and correlated into our SIEM Multiple threat intelligence feeds analyzed and correlated into our SIEM

How would you describe the process of analyzing and correlating threat intelligence into your SIEM?

To what extent has your company defined roles and responsibilities for event detection?

Roles/responsibilities are not fully understood or established Roles/responsibilities are understood, but significant skill gaps/staff shortages exist Roles/responsibilities are understood, but some skill gaps/staff shortages exist Roles/responsibilities are understood and fully staffed

When a security incident is discovered, what best describes the process for communicating details to relevant stakeholders?

Ad-hoc and/or inconsistent Somewhat established, but not completely Well established, but with room for improvement Fully defined, documented

How often are the following formally reviewed/revised based on changing requirements and trends?

	Ad-hoc	Annually or less than	Quarterly	Monthly or more often	Not sure
Event management technologies
Staff levels for event handling
Incident communication processes

Back

Your results

Thank you for taking the time to take our Cybersecurity Risk Mitigation Maturity assessment. Based on your answers, you qualify as organization. Download your customized results and action plan for more details on how your organization can improve.

Download my report Learn More

What does your cohort look like?

The benefits of maximizing maturity: "Leading" organizations outperform their peers*

*Data is based on an analysis of N=500 survey responses collected by AT&T and ESG in March of 2020

Cybersecurity Risk Mitigation Maturity

Self-Assessment

Cybersecurity Risk Mitigation Maturity

Self-Assessment

How would you describe your organization’s internal cybersecurity program and policies?

How extensively has your organization inventoried and prioritized physical and digital assets?

To what extent would you say your company has identified/documented the following vulnerabilities:

How often are the following formally reviewed/revised based on changing requirements and trends?

How effectively/comprehensively is your organization limiting employees’ access and systems’ capabilities according to the principles of least privilege?

To what extent does your organization consider data classification, sensitivity, and regulatory requirements when deciding if data needs to be encrypted?

How does your organization segment its networked business systems and data (i.e., create network segments containing only the resources specific to user roles)?

What best describes the frequency with which your organization conducts formal cybersecurity awareness education/training for its personnel?

How often are the following formally reviewed/revised based on changing requirements and trends?

How does your organization utilize threat intelligence capabilities within its Security Information and Event Management solution (SIEM)?

How would you describe the process of analyzing and correlating threat intelligence into your SIEM?

To what extent has your company defined roles and responsibilities for event detection?

When a security incident is discovered, what best describes the process for communicating details to relevant stakeholders?

How often are the following formally reviewed/revised based on changing requirements and trends?

Cybersecurity Risk Mitigation Maturity

Self-Assessment

Your results

What does your cohort look like?

The benefits of maximizing maturity: "Leading" organizations outperform their peers*

Mark Stone

Cybersecurity Risk Mitigation Maturity

Self-Assessment

Cybersecurity Risk Mitigation Maturity

Self-Assessment

How would you describe your organization’s internal cybersecurity program and policies?

How extensively has your organization inventoried and prioritized physical and digital assets?

To what extent would you say your company has identified/documented the following vulnerabilities:

How often are the following formally reviewed/revised based on changing requirements and trends?

How effectively/comprehensively is your organization limiting employees’ access and systems’ capabilities according to the principles of least privilege?

To what extent does your organization consider data classification, sensitivity, and regulatory requirements when deciding if data needs to be encrypted?

How does your organization segment its networked business systems and data (i.e., create network segments containing only the resources specific to user roles)?

What best describes the frequency with which your organization conducts formal cybersecurity awareness education/training for its personnel?

How often are the following formally reviewed/revised based on changing requirements and trends?

How does your organization utilize threat intelligence capabilities within its Security Information and Event Management solution (SIEM)?

How would you describe the process of analyzing and correlating threat intelligence into your SIEM?

To what extent has your company defined roles and responsibilities for event detection?

When a security incident is discovered, what best describes the process for communicating details to relevant stakeholders?

How often are the following formally reviewed/revised based on changing requirements and trends?

Cybersecurity Risk Mitigation Maturity

Self-Assessment

Your results

Please provide the information below to see your personalized results. You will then be able to download your report directly.

Thank you. Click below to download your report.

What does your cohort look like?

The benefits of maximizing maturity: "Leading" organizations outperform their peers*